Verizon 3rd Party Vendor Exposes Millions of Customers’ Data

One of Verizon’s 3rd party vendors exposed millions of customers’ data last month, as first reported by ZDNet. The data, at least according to Verizon, is not extremely sensitive, but does include some personal information, like phone numbers and authentication PINs used to contact call centers. Depending on who you believe, the number of customers affected are anywhere between 6 million and 14 million. Verizon suggests the lower number is accurate.

Who exactly is affected by the data breach? Verizon’s statement yesterday says specifically that the data was provided to a vendor who was supporting a project aimed to improve a “residential and small business wireline self-service call center portal.” We’ve independently confirmed with Verizon that this is a wireline issue and that it does not directly involve wireless customers. I say “not directly” because a Wireline customer could obviously also be a Wireless customer and their Verizon Wireless number could have been exposed if they have it attached to a Wireline account.

The 3rd party vendor who exposed the data was Nice Systems, a company that Verizon and a whole bunch of other Fortune 100 companies work with. Thanks to a “human error” of one of Nice’s employees that flipped some sort of security switch on a cloud server making the data public, the data was exposed to anyone with the direct URL of the content.

Verizon’s says that UpGuard, the researcher who discovered the data, was the only person outside of Verizon or Nice who accessed anything and that there “has been no loss or theft of Verizon or Verizon customer information.” But while Verizon says that the information in the data set was limited, UpGuard found customer names, cell phone numbers, account PINs, home addresses, email addresses, current balances on accounts, and daily log files, including references to voice conversations with customers and call center reps.

Verizon was first notified of the exposed data on June 13 and closed it off on June 22.

You should probably reset any PINs on your account at this point, for sure if you are a Wireline customer, but maybe also as a Wireless customer, just to be safe.